Category: Applications

Listening to NXDN with SDRSharp, the AuxVFO Plugin and DSD+

Over on YouTube user John Miller has uploaded a video showing how he receives NXDN digital audio using a combination of SDR#, the AuxVFO plugin and DSD+. He writes:

I have it set with 5 auxiliary VFO’s one for each channel of the Christian Co NXDN system from the Kelly Towers. I use VAC to route the audio from each VFO to DSD+ each VFO has it own DSD+ running. I then have all the DSD+ go into one output VAC and use that to run a feed on Broadcastify, The secret to running multiple DSD+ is to have separate install of it, so I have 5 DSD+ folders.

HackRF Controlling a Quadcopter

Over on YouTube user Mike has uploaded a video showing a quadcopter being controlled by the HackRF, a low cost transmit capable software defined radio. Mike uses a Hubson X4 quadcopter and controls it with a USB joystick coupled with GNU Radio. According to a tweet by Micheal Ossmann (the inventor of the HackRF), there were initially USB latency issues that caused problems, but have since been fixed by Mike.

HackRF quadcopter control

RTL-SDR Cell Phone IMSI, TMSI and Key Sniffer

Over on YouTube user Kali Gsm has uploaded a video showing off a new software program he has written that allows an RTL-SDR to be used to gather IMSI, TMSI and Key information from a cell phone connected to a PC.

The IMSI (International Mobile Subscriber Identity) is a number that uniquely identifies a cell phone. Because IMSI’s are unique, they can be used to track a cell phone so they are rarely broadcast and instead a TMSI (Temporary Mobile Subscriber Identity) number is used to identify a cell phone instead. The TMSI is changed depending on geographic location or changed by the network randomly. The key is a number that is used to decrypt the GSM data sent to your phone.

Kali Gsm’s software is called rtl_tool_kit and is planned to be released soon on it’s GitHub page. It uses the gr-gsm software to sniff the GSM downlink with an RTL-SDR dongle and also interfaces to a connected mobile phone. The author writes that the following is possible with the software:

  1. You can get imsi tmsi and key of the device connected to your pc.
  2. You can send silent/flash sms
  3. You can connect/match tmsi to a mobile number if target is on the same BTS and in GSM900/2G mode.

Update 25/01/2015: All YouTube videos appear to have been removed – though the uploader reports in the comments that the videos will be back online soon.
Update 29/01/2015: Videos are back online.


Listening to SCA with HDSDR, SDR# and an RTL-SDR

In the USA and Canada a subcarrier called SCA (Subsidary Communications Authority) is used to add additional services to a broadcast FM signal. Some examples of the extra services provided are live financial stock telemetry, audio books for the blind, specialized audio radio programs for doctors etc and background music for supermarkets and stores. These SCA signals are modulated into standard broadcast FM radio signals, but require a special radio to receive them. Subcarrier signals can easily be spotted in the audio/baseband waterfall and spectrum plots available in most SDR software.

Over on the new RTL-SDR DX blog, the author (Jay Moore) has uploaded an article showing how to use an RTL-SDR dongle to listen to audio SCA signals. The process involves using HDSDR to receive the broadcast FM signal, then using Virtual Audio Cable to pipe the audio into SDR#, where it is then possible to tune to the audio SCA signal. The same process could also be used to receive different subcarriers used in other countries such as Finland where a subcarrier is used to transmit DARC encoded bus stop sign telemetry.

SCA audio received via a combination of HDSDR and SDR#
SCA audio received via a combination of HDSDR and SDR#
Decoding SCA with HDSDR and SDR#

RTL-SDR Panadapter Using Hardware Radio Receiver IF Stages

Over on YouTube user Jay Moore has uploaded a video explaining how to connect an RTL-SDR dongle to the IF stage of a hardware radio in order to create a panadapter. In the video Jay briefly explains how a radio with an IF stage works and then shows how he tapped into his Sansui 2000 hardware radio’s IF stage directly from the circuit board. The IF stage then connects to a ham-it-up upconverter which connects to the RTL-SDR.

By connecting the IF stage of a hardware radio to the RTL-SDR it is possible to use the hardware radio as the receiver while using the RTL-SDR to still maintain the benefits of a spectrum display. Most purpose built hardware radios will have better reception than the RTL-SDR.

RTL-SDR on receiver IF stages

Updates to the Power Line Noise Detector “Driveby” System

A few days ago we posted about Tim Havens “driveby” project, which is a RTL-SDR based system he developed to help create heatmaps of power line noise in his neighborhood. Upon doing further research, Tim discovered that the main source of power line interference was appearing at a frequency of 44.252 MHz. Then by using his driveby system to create a heatmap of his area at this frequency and also by using a hand held radio he was able to pinpoint a massive source of power line noise.

The noise appears to be coming from a faulty and unsafe power pole near a local school. He writes that the power poles primary ground line has been severed and that a wire from the AC line is simply dangling in the air, ready to be grabbed by school children.

Heatmap showing sources of powerline interference
Heatmap showing sources of powerline interference
The faulty power pole
The faulty power pole with dangling AC line
Severed grounding line
Severed grounding line

Measuring Frequency Deviation of an FM Transmitter with an RTL-SDR

Over on YouTube user KP4MD has uploaded a video showing how she uses an RTL-SDR together with SDR#, a program called Visual Analyzer and an AEA PK-232 Terminal Node Controller to measure the frequency deviation of a Yaesu FT-8800R Transceiver. She writes:

The SDR# receiver is tuned to 145.050 MHz and the bandwidth set to 20 kHz.

The deviation level of the 1200 Hz tone is increased until a null appeared on the carrier frequency.

This is called a Bessel Zero and occurs at various predicted modulation indices (2.4, 5.52, 8.66, etc).

The Modulation Index is defined as the peak frequency deviation divided by the modulation frequency.

This Bessel Zero occurred at a modulation index of 2.4 corresponding to a frequency deviation of ±2.88 kHz (2.4 x 1.2 kHz).

The oscilloscope indicates that a peak to peak amplitude of 54.3% corresponds to ±2.88 kHz deviation.

The 1200 Hz tone modulation is increased to yield a peak to peak amplitude of 66%.

This corresponds to the desired ±3.5 kHz frequency deviation.

Frequency Deviation Measurement with an RTL-SDR Dongle

New Oregon Scientific Temperature/Humidity Data Receiver Software for MacOS and RTL-SDR

Recently programmer Erik Larsen wrote in to us to let us know about a MacOS application he has been developing to receive temperature and humidity data from Oregon Scientific v2.1 sensors. Oregon Scientific manufactures popular electronic weather stations that transmit data from remote sensors wirelessly. Using an RTL-SDR and Eriks software it is possible to receive the weather station data on a Mac computer and display the data on a GUI. The software can be downloaded from the releases section on its GitHub page.

Note that there are also several Linux based Oregon Scientific decoders available including rtl-433m-sensor, rtl_osv21, and rtl-wx.

Oregon Weather Decoder
Oregon Weather Decoder